Quote:
Originally Posted by Brian mike
unique name server, unique ip, unique ftp, unique password for each website . what do i miss ?
|
The most common Wordpress injections are probably through too loose of security on file/folder permissions. All security should be as tight as possible while still allowing the site to operate.
If you do not need uploads then the uploads folder should not be 777, same with cache folders and other commonly "left wide open" folders.
There should be no plugins installed or present in the plugins folder that are not being used. Same with themes, if you are not using the theme remove it from the server.
Wordpress is a security mess in my opinion.
.